changeset 822:a73b34fe66ec
security/shadow: add custom PAM files recommended per LFS
author | David Demelier <markand@malikania.fr> |
---|---|
date | Wed, 21 Aug 2019 20:50:00 +0200 |
parents | c5cbe07af6a9 |
children | fdac78a6d06e |
files | security/shadow/chage security/shadow/chfn security/shadow/chgpasswd security/shadow/chpasswd security/shadow/chsh security/shadow/groupadd security/shadow/groupdel security/shadow/groupmems security/shadow/groupmod security/shadow/login security/shadow/newusers security/shadow/passwd security/shadow/shadow.sh security/shadow/su security/shadow/useradd security/shadow/userdel security/shadow/usermod |
diffstat | 17 files changed, 172 insertions(+), 11 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/chage Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/chage -- PAM configuration file for shadow's chage
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
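Review bot: The `include system-auth`, `include system-account` and `include system-session` lines depend on files that this changeset does not add, and the header comment does not say which package provides them. If they are missing on the target, the stack for this service cannot be resolved, and the same holds for the other service files added in this changeset that use these includes (login, passwd and su also pull in `system-password`, `system-auth` and the rest). I would extend the header with something like `# Requires /etc/pam.d/system-{auth,account,session} from the PAM base configuration`. A one-line comment above `auth sufficient pam_rootok.so` (`# root is never prompted`) would also restore the explanation the LFS original carried.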
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/chfn Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/chfn -- PAM configuration file for shadow's chfn
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/chgpasswd Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/chgpasswd -- PAM configuration file for shadow's chgpasswd
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/chpasswd Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/chpasswd -- PAM configuration file for shadow's chpasswd
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
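Review bot: `password required pam_permit.so` looks wrong for chpasswd specifically, even though it is harmless in the chage template it was copied from. As far as I can tell, a PAM-enabled chpasswd run without an explicit crypt option hands the new password to the `password` stack of this service. A stack holding only pam_permit.so would then report success without applying the `system-password` policy and without writing the new hash. The newusers file in this changeset carries the same line and is likely affected in the same way. I would use `password include system-password` in both, and confirm the behaviour against the packaged shadow version.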
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/chsh Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/chsh -- PAM configuration file for shadow's chsh
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/groupadd Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/groupadd -- PAM configuration file for shadow's groupadd
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/groupdel Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/groupdel -- PAM configuration file for shadow's groupdel
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/groupmems Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/groupmems -- PAM configuration file for shadow's groupmems
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/groupmod Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/groupmod -- PAM configuration file for shadow's groupmod
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/login Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,16 @@
+#
+# /etc/pam.d/login -- PAM configuration file for shadow's login
+#
+
+auth optional pam_faildelay.so delay=3000000
+auth requisite pam_nologin.so
+auth include system-auth
+account required pam_access.so
+account include system-account
+session required pam_env.so
+session required pam_limits.so
+session optional pam_lastlog.so
+session optional pam_motd.so
+session optional pam_mail.so standard quiet
+session include system-session
+password include system-password
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/newusers Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/newusers -- PAM configuration file for shadow's newusers
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/passwd Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,5 @@
+#
+# /etc/pam.d/passwd -- PAM configuration file for shadow's passwd
+#
+
+password include system-password
--- a/security/shadow/shadow.sh Wed Aug 21 20:45:00 2019 +0200 +++ b/security/shadow/shadow.sh Wed Aug 21 20:50:00 2019 +0200 @@ -22,7 +22,23 @@ PKGSUMMARY="password and account management" PKGDOWNLOAD="https://github.com/shadow-maint/shadow/releases/download/$PKGVERSION/$PKGNAME-$PKGVERSION.tar.xz" PKGOPTIONS="ACL ATTR NLS PAM SELINUX" -PKGPROTECT="etc/login.defs" +PKGPROTECT="etc/login.defs + etc/pam.d/chage + etc/pam.d/chfn + etc/pam.d/chgpasswd + etc/pam.d/chpasswd + etc/pam.d/chsh + etc/pam.d/groupadd + etc/pam.d/groupdel + etc/pam.d/groupmems + etc/pam.d/groupmod + etc/pam.d/login + etc/pam.d/newusers + etc/pam.d/passwd + etc/pam.d/su + etc/pam.d/useradd + etc/pam.d/userdel + etc/pam.d/usermod" : ${CHOST:=$(uname -m)-linux-musl} : ${CBUILD:=$(uname -m)-linux-musl} @@ -77,7 +93,7 @@ cd $PKGNAME-$PKGVERSION # - # disable groups, it's provided by busybox/coreutils and documentation + # Disable groups, it's provided by busybox/coreutils and documentation # by man-pages. # sed -i 's/groups$(EXEEXT) //' src/Makefile.in @@ -105,15 +121,12 @@ make DESTDIR=$DESTDIR ubindir=/bin usbindir=/bin install if [ "$PAM" = "yes" ]; then - # --disable-selinux does not update pam.d files - if [ "$SELINUX" = "no" ]; then - sed -i -e "/pam_selinux.so/d" \ - $DESTDIR/etc/pam.d/login \ - $DESTDIR/etc/pam.d/su - fi - - # pam_console.so isn't shipped with linux-pam. - sed -i -e "/pam_console.so/d" $DESTDIR/etc/pam.d/login + for i in \ + chage chfn chgpasswd chpasswd chsh groupadd groupdel \ + groupmems groupmod login newusers passwd su useradd \ + userdel usermod; do + install -Dm0600 ../$i $DESTDIR/etc/pam.d/$i + done fi cd ..
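Review bot: With SELINUX=yes, the static login and su files installed by the new loop in the `if [ "$PAM" = "yes" ]` block contain no pam_selinux.so entries. The removed code only stripped those lines from the upstream files when SELINUX was "no", so an SELinux-enabled build would now log users in without the module's session setup. If that option is still supported, either ship SELinux variants of the two files or state the gap above the loop, e.g. `# NOTE: these files do not reference pam_selinux.so; SELINUX=yes needs it added to login and su`. The install line should also quote its expansions so a DESTDIR containing spaces cannot split the target: `install -Dm0600 "../$i" "$DESTDIR/etc/pam.d/$i"`. The code enclosing this `if` starts and ends outside the hunk.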
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/su Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,10 @@
+#
+# /etc/pam.d/su -- PAM configuration file for shadow's su
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+auth required pam_wheel.so use_uid
+account include system-account
+session required pam_env.so
+session include system-session
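Review bot: `auth required pam_wheel.so use_uid` restricts su to members of the wheel group, but nothing in the file says so. The restriction is also only meaningful if a wheel group exists and has the intended members, because pam_wheel falls back to the GID 0 group when no group named wheel is present. I would add a comment above the line such as `# only wheel members may su; root is let through by pam_rootok above`. Because the line follows `auth include system-auth`, a caller outside wheel is still prompted for a password before being refused. If refusing before the prompt is preferred, `auth requisite pam_wheel.so use_uid` placed ahead of the include would do that.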
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/useradd Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/useradd -- PAM configuration file for shadow's useradd
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/userdel Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/userdel -- PAM configuration file for shadow's userdel
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/shadow/usermod Wed Aug 21 20:50:00 2019 +0200
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/usermod -- PAM configuration file for shadow's usermod
+#
+
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-account
+session include system-session
+password required pam_permit.so